projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| beab098d | 5 | Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] |
| 4d94ae00 | 6 | |
| bf5773fa DSH |
7 | *) New function X509_POLICY_NODE_print() which prints out policy nodes. |
| 8 | [Steve Henson] | |
| 9 | ||
| 216659eb DSH |
10 | *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. |
| 11 | This will generate a random key of the appropriate length based on the | |
| 12 | cipher context. The EVP_CIPHER can provide its own random key generation | |
| 13 | routine to support keys of a specific form. This is used in the des and | |
| 14 | 3des routines to generate a key of the correct parity. Update S/MIME | |
| 15 | code to use new functions and hence generate correct parity DES keys. | |
| 16 | Add EVP_CHECK_DES_KEY #define to return an error if the key is not | |
| 17 | valid (weak or incorrect parity). | |
| 18 | [Steve Henson] | |
| 19 | ||
| e1a27eb3 DSH |
20 | *) Add a local set of CRLs that can be used by X509_verify_cert() as well |
| 21 | as looking them up. This is useful when the verified structure may contain | |
| 22 | CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs | |
| 23 | present unless the new PKCS7_NO_CRL flag is asserted. | |
| 24 | [Steve Henson] | |
| 25 | ||
| 6446e0c3 DSH |
26 | *) Extend ASN1 oid configuration module. It now additionally accepts the |
| 27 | syntax: | |
| 28 | ||
| 29 | shortName = some long name, 1.2.3.4 | |
| 30 | [Steve Henson] | |
| 31 | ||
| 5c98b2ca GT |
32 | *) Reimplemented the BN_CTX implementation. There is now no more static |
| 33 | limitation on the number of variables it can handle nor the depth of the | |
| 34 | "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack | |
| 35 | information can now expand as required, and rather than having a single | |
| 36 | static array of bignums, BN_CTX now uses a linked-list of such arrays | |
| 37 | allowing it to expand on demand whilst maintaining the usefulness of | |
| 38 | BN_CTX's "bundling". | |
| 39 | [Geoff Thorpe] | |
| 40 | ||
| 46ef873f GT |
41 | *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD |
| 42 | to allow all RSA operations to function using a single BN_CTX. | |
| 43 | [Geoff Thorpe] | |
| 44 | ||
| 4acc3e90 DSH |
45 | *) Preliminary support for certificate policy evaluation and checking. This |
| 46 | is initially intended to pass the tests outlined in "Conformance Testing | |
| 47 | of Relying Party Client Certificate Path Processing Logic" v1.07. | |
| 48 | [Steve Henson] | |
| 49 | ||
| 7f663ce4 GT |
50 | *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and |
| 51 | remained unused and not that useful. A variety of other little bignum | |
| 52 | tweaks and fixes have also been made continuing on from the audit (see | |
| 53 | below). | |
| 54 | [Geoff Thorpe] | |
| 55 | ||
| 875a644a RL |
56 | *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with |
| 57 | associated ASN1, EVP and SSL functions and old ASN1 macros. | |
| 7f663ce4 | 58 | [Richard Levitte] |
| 875a644a | 59 | |
| b6358c89 GT |
60 | *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, |
| 61 | and this should never fail. So the return value from the use of | |
| 62 | BN_set_word() (which can fail due to needless expansion) is now deprecated; | |
| 63 | if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. | |
| 64 | [Geoff Thorpe] | |
| 65 | ||
| 9e051bac GT |
66 | *) BN_CTX_get() should return zero-valued bignums, providing the same |
| 67 | initialised value as BN_new(). | |
| 68 |